> Nevertheless, most IoT devices only talk (outgoing) to some server in
> some cloud, and are reasonably safe, at least until the server is
> attacked.

Which is why I'll only buy systems for which the API is either open or well-understood.

I have several sets of Philips hue bulb networks in the house. They sit on the secured non-routable internal network and have never been able to phone home. The central server drives them directly using a Perl tool I wrote (huepl), and now the security and access controls are metered by me, not by Philips.

Similarly, my home camera system connects to an Axis concentrator that is only accessible on that same non-routable network. The central server grabs snapshots and motion JPEG feeds from it. Again, the security is now in my hands.

I admit I'm paranoid and having this requirement reduces the amount of hardware I'll see fit to buy, but usually it reduces it to the higher quality devices in any case.

--
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Reality is when it finally happens to you, too. ----------------------------